Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Android App Siphons Data on 200 Million Users

A popular Android keyboard application with over 200 million downloads was found gathering user information sending the data a remote server, Adguard reveals.

A popular Android keyboard application with over 200 million downloads was found gathering user information sending the data a remote server, Adguard reveals.

The offending application, GO Keyboard, has two versions available in Google Play, namely GO Keyboard – Emoji keyboard, Swipe input, GIFs and GO Keyboard – Emoticon keyboard, Free Theme, GIF, each with over 100 million downloads to date.

The keyboard is developed by Chinese firm GOMO, which has numerous applications in the mobile app store, under two developer accounts, namely GOMO Dev Team and GOMO Apps.

According to Adguard security researchers, the applications were designed to siphon a large amount of user data, including Google account emails, device language, IMSI, location, network type, screen size, Android version and build, and device model.

The data is gathered and sent to a remote server without explicit user consent, the researchers reveal. Furthermore, the practice also contradicts the application’s privacy policy, which claims that the software will never collect user personal information.

On top of that, the researchers also discovered that, shortly after installation, both applications would download and execute code from a remote server. Among the downloaded plugins, the researchers discovered some that have been marked as adware or potentially unwanted programs.

Because of this behavior, the applications are considered malicious in nature, the researchers say. They clearly violate the Google Play content policies, which state that apps are prohibited from stealing a user’s authentication information, as well as from downloading executable code from a source other than Google Play.

Advertisement. Scroll to continue reading.

Another worrying aspect is that, because these applications are keyboards, everything that the user enters on the phone goes through them. The apps also communicate with dozens of third-party trackers and ad networks, in addition to getting access to sensitive data such as users’ identity, phone calls log, contacts, and microphone.

“Given the apps’ extensive permissions, remote code execution introduces severe security and privacy risks. At any time the server owner may decide to change the app behavior and not just steal your email address, but do literally whatever he or she wants,” Andrey Meshkov, Co-founder, Adguard, points out.

The security researchers have reported their findings to Google but it appears that the company hasn’t taken a decision yet and that both GO Keyboard versions continue to be available in Google Play.

“Having 200+ Million users does not make an app trustworthy. Do not blindly trust mobile apps and always check their privacy policy and what permissions do they require before the installation,” Meshkov concludes.

Related: Information-Collecting Android Keyboard Tops 50 Million Installs

Related: SpyDealer Malware Steals Private Data From Popular Android Apps

Related: Hundreds of Fake Android Antivirus Apps Deliver Malware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.